Banks not transgressing ECT Act (yes, banks are scum)


Karmic Sangoma
Jan 17, 2005
[Johannesburg, 12 July 2006] - Legal firm Buys recently slated Standard Bank and Absa for allegedly transgressing the Electronic Communications and Transactions (ECT) Act, by not fully reimbursing hacked online customers and “hiding behind their terms and conditions”

However, Herman Singh, head of technology and engineering at Standard Bank, is angered by these claims. “We have fully refunded each one of our compromised customers,” he says.

Errol Smith, spokesperson for Absa, says: “We have sought legal advice and can say explicitly that we are not transgressing the ECT Act.”

According to Wim Mostert, director at Mostert Opperman Goodburn and chairman of the committee that drafted the ECT Act, the comments by Buys are “unfortunate and without legal merit”.

“Firstly, it does not automatically follow that a bank is liable for a client's loss, even if its systems were ‘hacked',” Mostert explains. “There must at least be ‘legal blameworthiness' in the form of negligence, which will only arise if a bank's security practices are found by a court of law to be less than would have been expected.”

Mostert says liability disclaimed in standard terms and conditions is perfectly lawful, as it is not clear whether section 43(5) of the ECT Act applies to online banking

He explains a bank cannot be held liable if an online banking account is compromised with identity theft through key-logging software and devices, because a bank has no control over those environments, only the client can manage such risk.

He also states that, while banks should create awareness on proper security practices, the law does not expect more than that, and most banks go much further than what is required by law.

“Lawyers should not express an opinion on the adequacy of online security practices, just as they should not express an opinion on whether, for example, a neurologist was negligent in diagnosing a cerebral condition. Only another neurologist can express an expert opinion on that,” he concludes.
Go Buys!

These banks are absolutely DISGUSTING. Time for me to change banks. ABSA are crooks
Last edited:


Expert Member
Dec 8, 2005
w1z4rd said:
Go Buys!

These banks are absolutely DISGUSTING. Time for me to change banks. ABSA are crooks
Come on, that's a bit extreme for this particular problem. I work with idiot users every day and that's in a reasonably technologically proficient company. Banks, however, have to deal with the unwashed masses.

If somebody gets his credentials phished, scammed, 419ed or stolen, then they deserve the IT equivalent of the Darwin award. If they can't be reasonably security conscious on the internet, why are they using it at all?

Of course, this doesn't matter when the bank screws up by eg, mailing its customer database to somebody by accident. :)


Executive Member
Jul 22, 2005
What is more of an issue for me, is banks selling your details to other firms. I hate getting cards in the post and offers of preapproved loans.